**Third Party Risk Management Analyst**
* Under moderate supervision, responsible for developing and implementing systems and processes to protect the Bank’s information resources.
* Proactively researches and gathers information security intelligence and best practices to address emerging security needs.
* Acts as a subject matter expert and principal consultant to business clients and department management on matters of third party risk.
* Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks.
* Creates and owns objectives that support Department Strategic Goals. Generally acts in either an assurance or operational capacity.
* Education: Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience
* Experience: three to five years
* Functional Knowledge Preferences
* Knowledge Areas: Info Security Frameworks, Network Design & Architecture, Third Party Cyber Risk, Technical Writing
* Technical Skills: Microsoft Command Line Tools, Microsoft Scripting Platforms, Vendor Risk Management Tools, Automated Workflow Management
* Certifications/Licenses: GCWN/GCUX/GSEC/GISF, CISA/CAP/SSCP/CRISC, GCIH/GCIA/CISSP, Security+
* Individual Competencies: Demonstrates Self-Awareness, Problem Solving, Action-Oriented, Collaborates, Communicates Effectively
• Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices.
• Participates in District and System third party risk management workgroups and initiatives.
• Perform third party risk assessments on all third parties at point of engagement and throughout the supplier relationship
• Works on multiple Information Security projects as a team member
• Work with third parties and their internal relationship owners to identify and remediate risks as required
• Provide clear, high-quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of third parties
• Support contractual reviews for new and existing suppliers
• Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, FCA, and FFIEC) to ensure a rounded assessment of the security risk posed to the Bank
• Serves as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk posture
• Engage directly with clients to gather a full understanding of project scope and business requirements.
• Coordinates with vendors to ensure managed services are implemented and maintained appropriately.
• May participate in strategic planning activities
• Monitors compliance with security policies, standards, guidelines and procedures.
• Assists in the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
Remote (prefer Atlanta, as the position would be hybrid (onsite/remote) once returned to the office).